StartupList report, 05/06/2007, 12:22:25
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Steve Geary\My Documents\My Received Files\_SOFTWARE TOOLS\Hijackthis\hijackthis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Ensign\eChat\eChat.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Documents and Settings\Steve Geary\My Documents\My Received Files\_SOFTWARE TOOLS\PingPlotter\Ping Plotter Freeware\PingPlotter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Steve Geary\My Documents\My Received Files\_SOFTWARE TOOLS\ProcessExplorerNt\procexp.exe
C:\Documents and Settings\Steve Geary\My Documents\My Received Files\_SOFTWARE TOOLS\Hijackthis\hijackthis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Steve Geary\Start Menu\Programs\Startup]
Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Apoint = C:\Program Files\Apoint2K\Apoint.exe
CeEPOWER = C:\WINDOWS\System32\CePMTray.exe
vptray = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
MaxtorOneTouch = C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
GoToMyPC = C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

regsrv32.exe = regsrv32.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\scrnsave.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
DAILY BRIEFING BATCH.job
DAILY calendar BATCH.job
DAILY pre MARKET MOST ACTIVES BATCH.job
{5B9FABDF-4C79-41AF-B708-7C106632F535}_LAPTOP_Steve Geary.job
{6C37FB9D-C73B-432E-B28A-90920EAE83FA}_LAPTOP_Steve Geary.job
{83DD4BD8-8EE8-4EF4-B96F-CFBFD3B865DD}_LONDEVWSN10365_Steve Geary.job
{8C5D75A7-398A-4BC2-AAFE-5B777D5C31C3}_LONDEVWSN10365_Steve Geary.job
{AD1CFA76-B58E-4D80-9D43-173E743F9824}_LAPTOP_Steve Geary.job
{E7BF99FC-E912-4047-9436-0B8DF70E8615}_LONDEVWSN10365_Steve Geary.job
{F00D4D33-A5C0-4E58-B604-143F9F09716A}_LONDEVWSN10365_Steve Geary.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
CODEBASE = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133629327534

[Application Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tstemp.dll
CODEBASE = https://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37983.3073842593

[SassCln Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB

[Crucial cpcScan]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cpcScan.dll
CODEBASE = http://www.crucial.com/controls/cpcScanner.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = http://by126fd.bay126.hotmail.msn.com/activex/HMAtchmt.ocx

[Performance Viewer Activex Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RACtrl.dll
CODEBASE = https://secure.logmein.com/activex/ractrl.cab?lmi=100

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,600 bytes
Report generated in 0.161 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only